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Abstract. We study novel simulation-like preorders for quotienting nondeter- 
ministic Biichi automata. We define fixed-word delayed simulation, a new pre- 
order coarser than delayed simulation. We argue that fixed-word simulation is 
, the coarsest forward simulation-like preorder which can be used for quotienting 

Biichi automata, thus improving our understanding of the limits of quotienting. 
' Also, we show that computing fixed-word simulation is PSPACE-complete. 

On the practical side, we introduce proxy simulations, which are novel polynomial- 
' time computable preorders sound for quotienting. In particular, delayed proxy 

simulation induce quotients that can be smaller by an arbitrarily large factor than 
direct backward simulation. We derive proxy simulations as the product of a the- 
ory of refinement transformers: A refinement transformer maps preorders non- 
decreasingly, preserving certain properties. We study under which general condi- 
l_J ' tions refinement transformers are sound for quotienting. 

, \ 1 Introduction 

! Biichi automata minimization is an important topic in automata theory, both for the 

' theoretical understanding of automata over infinite words and for practical applications. 

\ Minimizing an automaton means reducing the number of its states as much as possible, 

' while preserving the recognized language. Minimal automata need not be unique, and 

\ their structure does not necessarily bear any resemblance to the original model; in the 

realm of infinite words, this holds even for deterministic models. This hints at why exact 
\ minimization has high complexity: Indeed, minimality checking is PSPACE-hard for 

nondeterministic models (already over finite words [12]), and NP-hard for deterministic 
Biichi automata ||T9l . Moreover, even approximating the minimal model is hard |l8]. 
By posing suitable restrictions on the minimization procedure, it is nonetheless pos- 
. , , sible to trade exact minimality for efficiency. In the approach of quotienting, smaller au- 

rS ' tomata are obtained by merging together equivalent states, under appropriately defined 

, equivalences. In particular, quotienting by simulation equivalence has proven to be an 

" ■ ■ effective heuristics for reducing the size of automata in cases of practical relevance. 

The notion of simulation preorder and equivalence 1 17| is a crucial tool for com- 
paring the behaviour of systems. It is best described via a game between two players. 
Duplicator and Spoiler, where the former tries to stepwise match the moves of the lat- 
ter But not every simulation preorder can be used for quotienting: We call a preorder 
good for quotienting (GFQ) if the quotient automaton (w.rt. the induced equivalence) 
recognizes the same language as the original automaton. In particular, a necessary con- 
dition for a simulation to be GFQ is to take into account the acceptance condition: For 
example, in direct simulation |4|, Duplicator has the additional requirement to visit an 
accepting state whenever Spoiler does so, while in the coarser /a/r simulation 1 10|, Du- 
plicator has to visit infinitely many accepting states if Spoiler does so. But, while direct 



simulation is GFQ ||2l, fair simulation is not OJ |Q This prompted the development of 
delayed simulation ||6|, a GFQ preorder intermediate between direct and fair simulation. 

We study the border of GFQ preorders. In our first attempt we generalize delayed 
simulation to delayed containment. While in simulation the two players take turns in 
selecting transitions, in containment the game ends in one round: First Spoiler picks an 
infinite path, and then Duplicator has to match it with another infinite path. The win- 
ning condition is delayed-like: Every accepting state of Spoiler has to be matched by 
an accepting state of Duplicator, possibly occurring later. Therefore, in delayed con- 
tainment Duplicator is much stronger than in simulation; in other words, containment 
is coarser than simulation. In fact, it is too coarse: We give a counterexample where 
delayed containment is not GFQ. We henceforth turn our attention to finer preorders. 

In our second attempt, we remedy to the deficiency above by introducing fixed- 
word delayed simulation, an intermediate notion between simulation and containment. 
In fixed-word simulation. Spoiler does not reveal the whole path in advance like in 
containment; instead, she only declares the input word beforehand. Then, the simulation 
game starts, but now transitions can be taken only if they match the word fixed earlier 
by Spoiler. Unlike containment, fixed-word delayed simulation is GFQ, as we show. 

We proceed by looking at even coarser GFQ preorders. We enrich fixed-word sim- 
ulation by allowing Duplicator to use multiple pebbles, in the style of |5 1. The question 
arises as whether Duplicator gains more power by "hedging her bets" when she already 
knows the input word in advance. By using an ordinal ranking argument (reminiscent of 
iTlSl ). we establish that this is not the case, and that the multipebble hierarchy collapses 
to the 1-pebble case, i.e., to fixed-word delayed simulation itself. Incidentally, this also 
shows that the whole delayed multipebble hierarchy from [5 1 is entirely contained in 
fixed- word delayed simulation — the containment being strict. 

For what concerns the complexity of computing fixed-word simulation, we establish 
that it is PSPACE-complete, by a mutual reduction from Biichi automata universality. 

With the aim of getting tractable preorders, we then look at a different way of ob- 
taining GFQ relations, by introducing a theory of refinement transformers: A refinement 
transformer maps a preorder ^ to a coarser preorder s.t., once < is known, <' can 
be computed with only a polynomial time overhead. The idea is to play a simulation- 
like game, where we allow Duplicator to "jump" to ^-bigger states, called proxies, after 
Spoiler has selected her transition. Duplicator can then reply with a transition from the 
proxy instead of the original state. We say that proxy states are dynamic in the sense 
that they depend on the transition selected by Spoiler]^ Under certain conditions, we 
show that refinement transformers induce GFQ preorders. 

Finally, we introduce proxy simulations, which are novel polynomial time GFQ pre- 
orders obtained by applying refinement transformers to a concrete preorder ^, namely, 
to backward direct simulation (called reverse simulation in ||201 ). We define two ver- 
sions of proxy simulation, direct and delayed, the latter being coarser than the former, 
and both coarser than direct backward simulation. Moreover, we show that the delayed 
variant can achieve quotients smaller than direct proxy simulation by an arbitrarily large 
factor. Full proofs can be found in the appendix. 

' In fact, for Biichi automata it is well-known that also language equivalence is not GFQ. 
' Proxies are strongly related to mediators UJ. We compare them in depth in Section|6] 



Related work. Delayed simulation ||6| has been extended to generalized automata |fT3l . 
to multiple pebbles |5|, to alternating automata Q and to the combination of the last 
two |3 1. Fair simulation has been used for state space reduction in f9|. The abstract idea 
of mixing forward and backward modes in quotienting can be traced back at least to 
ifTSll ; in the context of alternating automata, it has been studied in |[T] . 

2 Preliminaries 

Games. For a finite sequence tt = eoei • • • Cfc-i, let [7r| = fc be its length, and let 
last(7r) = ek-i be its last element. If tt is infinite, then take |7r| = uj. 

A game is a tuple G = {P, Pq, Pi,pi, F, Fq, Fi, W), where P is the set of positions, 
partitioned into disjoint sets Pq and Pi, pi € Pq is the initial position, F = FqU Fi is 
the set of moves, where lo C Pg x Pi and Fi C Pi x Pq are the set of moves of Player 

and Player 1, respectively, and W C is the winning condition. A path is a finite 
or infinite sequence of states vr ~ PqPqPiPi ■ ■ ■ starting in pj, such that, for all i < |7r|, 
{PijPi) G ^0 and {pl,Pi^i) e Fi- Partial plays and plays are finite and infinite paths, 
respectively. We assume that there are no dead ends in the game. A play is winning for 
Player 1 iff PqPiP2 • • • G W; otherwise, is it winning for Player 0. 

A ifrafegy for Player is a partial function (Jo ■ {PoPi)*Po Pi s.t., for any partial 
play TT G (PoPi ) * -Po, if fo is defined on tt, then tt ■ ao {tt) is again a partial play. A play tt 
is (TQ-conform iff, for every i > 0, p} = (Jq {PoPq ■ ■ 'Pi)- Similarly, a strategy for Player 

1 is a partial function ai : (PoPi)^ i-^ Pq s.t., for any partial play tt G (PqPi)^, if ai 
is defined on tt, then tt ■ (Ji{tt) is again a partial play. A play tt is di -conform iff, for 
every i > 0, p^j^i = (Jo{pqPq ■ ■ - pip]). While we do not require strategies to be total 
functions, we do require that a strategy a is defined on all cr-conform partial plays. 

A strategy ct; is a winning strategy for Player i iff all Uj -conform plays are winning 
for Player i. We say that Player i wins the game G if she has a winning strategy. 

Automata. A nondeterministic Bilchi automaton (NBA) is a tuple Q ~ (Q, S, I , A, F), 
where Q is a finite set of states, Z' is a finite alphabet, / C Q is the set of initial states, 
F C Q is the set of final states and ACQxSxQis the transition relation. We also 
write q — > q' instead of {q, a, q') G A, and just q — > q' when 3a £ S ■ q — > q' . For 
two sets of states q, q' C Q, we write q =^ q' iff Vg' G q' • G q • g q'l^For a 
state q £ Q, let [g G P] = 1 if g is accepting, and otherwise. We assume that every 
state is reachable from some initial state, and that the transition relation is total. 

For a finite or infinite sequence of states p — qoqi ■ ■ ■ and an index i < \p\, let 
cnt-final(/9, i) be the number of final states occuring in p up to (and including) the i-th 
element. Formally, cnt-final(/9, i) = J2o<k<iilk ^ -^1' '^i^h cnt-final(/9, 0) = 0. Let 
cnt-final(/9) ~ cnt-final(/9, \p\). If p is infinite, then cnt-final(/7) = ui iff p contains 
infinitely many accepting states. 

Fix a finite or infinite word w — aoOi • • • . A path tt over w is a sequence go 
Qi — ^ 92 • • • of length |w| + 1. A path is initial if it starts in an initial state go G /, it is a 
run if it is initial and infinite, and it is fair if cnt-final(7r) = uj. An accepting run is a run 
which is fair The language £'^(Q) of a NBA Q is the set of infinite words which admit 
an accepting run, i.e., — {w € S'^ \ there exists an accepting run vr over w}. 

^ This kind of backward-compatible transition had already appeared in 1161 . 



Quotients. Let Q = {Q, 2J, I, A, F) be a NBA and let R be any binary relation on 
Q. We say that Riji is the equivalence induced by R if is the largest equivalence 
contained in the transitive and reflexive closure of R. I.e., R*C\ {R*)~^. Let the 

function : Q ^ 2^ map each element q £ Q to the equivalence class [q\ii C Q 
it belongs to, i.e., [q\B. '■= {q' ^ Q \ <1 ~_r 9'}- We overload [P]r on sets P C Q by 
taking the set of equivalence classes. When clear from the context, we avoid noting the 
dependence of k, and [•] on i?. 

An equivalence « on Q induces the quotient automaton Q~—{ [Q],S, [I] , A~ , [F] ), 
where, for any q,q' ^ Q and a £ S, {[q],a, [q']) G A~ iff {q, a, q') £ A. This is called 
a naive quotient since both initial/final states and transitions are induced representative- 
wise. When we quotient w.r.t. a relation R which is not itself an equivalence, we actually 
mean quotenting w.r.t. the induced equivalence w. We say that R is good for quotienting 
(GFQ) if quotienting Q w.rt. R preserves the language, that is, D^{Q) = £"^(2^). 

Lemma 1. For two equivalences wo,~i. '/~o^~i. then C^iQ^^g) C /^"^(Q-J. In 
particular, by letting Wq be the identity, C^{Q) C C^{Q~^). 

3 Quotienting with forward simulations 

In this section we study several generalizations of delayed simulation, in order to in- 
vestigate the border of good for quotienting (GFQ) forward-like preorders. In our first 
attempt we introduce delayed containment, which is obtained as a modification of the 
usual simulation interaction between players: In the delayed containment game between 
q and s there are only two rounds. Spoiler moves first and selects both an infinite word 
w = aofli • • • and an infinite path q^ qi ■ ■ ■ over w starting m q ~ q^, then, 
Duplicator replies with an infinite path sq si — ^> • ■ • over w starting in s = sp- 
The winning condition is delayed-like: Vi ■ qi £ F =^ 3j > i ■ sj e F. If Duplica- 
tor wins the delayed containment game between q and s, we write q C'^'^ s. Clearly, 
C'^'^ is a preorder implying language containment. One might wonder whether delayed- 
containment is GFQ. Unfortunately, this is not the case (see Figure|5]in the Appendix). 
Therefore, C'^'^ is too coarse for quotienting, and we shall look at finer relations. 

Lemma 2. C'''' is not a GFQ preorder 
3.1 Fixed-word delayed simulation 

Our second attempt at generalizing delayed simulation still retains the flavour of con- 
tainment. While in containment C'''^ Spoiler reveals both the input word w and a path 
over w, in fixed-word simulation Spoiler reveals w only. Then, after w has been 
fixed, the game proceeds like in delayed simulation, with the proviso that transitions 
match symbols in wQ Formally, let w — a^ai ■ • • G S'^ . In the w-simulation game 
G'^{q, s) the set of positions of Spoiler is Pq = Q x Q x \t4, the set of positions of Du- 
pUcator is Pi ^QxQxQxN and {q, s, 0) is the initial position. Transitions are deter- 
mined as follows: Spoiler can select a move of the form {{q, s, i), {q, s, q' , i)) G F^''^^ 



* The related notion of fixed- word /«(> simulation clearly coincides with a;-language inclusion. 



if q — ^ q', and Duplicator can select a move of the form ((g, s, q', i), (q', s', « + 1)) G 
ji«;-de j£ g Noj-jj-g j-jj^]- j-jjg input symbol is fixed, and it has to match the cor- 

responding symbol in w. The winning condition is = {(^Oi soi 0)(gi, si, 1) • • • | Vi • 
Qi ^ F 3j > i • G F}. Let q C^l^ s iff Duplicator wins the w-simulation game 
G'^{q, s), and q s iff g s for all w G 17". Clearly, fixed-word simulation is a 
preorder implying containment. 

Fact 1. is a reflexive and transitive relation, andVq, s E Q ■ q s q C.'^" s. 

Unlike delayed containment, fixed-word delayed simulation is GFQ. Moreover, 
fixed-word delayed simulation quotients can be more succint than (multipebble) de- 
layed simulation quotients by an arbitrarily large factor. See Figure|6]in the Appendix. 



Theorem 1. is good for quotienting. 



Complexity of delayed fixed word simulation. Let q, s be two states in Q. We reduce 
the problem of checking q C.^^ s to the universality problem of a suitable alternating 
Biichi product automaton (ABA) A. We design A to accept exactly those words w s.t. 
Duplicator wins G'^{q, s). Then, by the definition of Cjlj, it is enough to check whether 
A has universal language. See 11211 (or Appendix lA.ll i for background on ABAs. 

The idea is to enrich configurations in the fixed-word simulation game by adding 
an obligation bit recording whether Duplicator has any pending constraint to visit an 
accepting state. Initially the bit is 0, and it is set to 1 whenever Spoiler is accepting; a 
reset to can occur afterwards, if and when Duplicator visits an accepting state. 

Let Q = (Q, I, A, F) be a NBA. We define a product ABA A = {A, S, a) 
as follows: The set of states is A = Q x Q x {0, 1}, final states are of the form a = 
Q X Q X {0} and, for any {q, s, b) E A and a E X!, ( if s E F 

6i{q,s,b),a) ^ /\ y {q',s',b'), where6' = i 1 ifg e i^As 
gJt^g's^s' [b otherwise 

It follows directly from the definitions that q s iff s, 0)) — i7". A reduction 

in the other direction is immediate already for NBAs: In fact, an NBA Q is universal 
iff U Cj!^ Q, where U is the trivial, universal one-state automaton with an accepting 
i7-loop. It is well-known that universality is PSPACE-complete for ABAs/NBAs lil4J . 

Theorem 2. Computing fixed-word delayed simulation is PSPACE-complete. 



3.2 Multipebble fixed-word delayed simulation 

Having established that fixed-word simulation is GFQ, the next question is whether we 
can find other natural GFQ preorders between fixed-word and delayed containment. A 
natural attempt is to add a multipebble facility on top of Cj!^. Intuitively, when Du- 
plicator uses multiple pebbles she can "hedge her bets" by moving pebbles to several 
successors. This allows Duplicator to delay committing to any particular choice by ar- 
bitrarily many steps: In particular, she can always gain knowledge on wy finite number 
of moves by Spoiler. Perhaps surprisingly, we show that Duplicator does not gain more 



power by using pebbles. This is stated in Theorem[3] and it is the major technical result 
of this section. It follows that, once Duphcator knows the input word in advance, there 
is no difference between knowing only the next step by Spoiler, or the next I steps, for 
any finite ^ > 1. Yet, if we allow I = oj lookahead, then we recover delayed containment 
C'''^, which is not GFQ by Lemma|2l Therefore, w.rt. to the degree of lookahead, 
is the coarsest GFQ relation included in C'''^. 

We now define the multipebble fixed-word delayed simulation. Let A: > 1 and w = 
ooai • • ■ G S'^. In the A;-multipebble w-delayed simulation game G'^,'^''{q, s) the set of 
positions of Spoiler is Q x 2*5 x N, the set of positions of Duplicator is Q x 2*3 x Q x 
N, the initial position is {q, {s}, 0), and transitions are: {{q, s, i), {q, s, q' , i)) G Fq iff 
q q', and {(q, s, q' , i), (g', s', i + 1)) G A iff s ^ s' and |s'| < k. 

Before defining the winning set we need some preparation. Given an infinite se- 
quence TT = (go, So, 0)(gi, Si, 1) ■ • • over w = a^ai ■ ■ ■ and a round j > 0, we say 
that a state s G Sj has been accepting since some previous round i < j, written 

accepting^ (s, vr), iff either s ^ F, or i < j and there exists s G Sj_i s.t. s s and 
accepting*_]^(s, tt). We say that Sj is good since round i < j, written good^(sj,7r), 
iff at round j every state s G Sj has been accepting since round i, and j is the least 
round for which this holds l|5] . Duplicator wins a play if, whenever qi & F there exists 
j > i s.t. good*(sj, tt). We write q Cj^"'^'^ s iff Duplicator wins G'^'^^{q, s), and we write 
q C^;de g jff eS'^ -q c^-''" s. 

Clearly, pebble simulations induce a non-decreasing hierarcy: C.j^'^^ C ^j^'^'' Q ■ ■ ■ ■ 
We establish that the hierarchy actually collapses to the fc = 1 level. This result is 
non-trivial, since the delayed winning condition requires reasoning not only about the 
possibility of Duplicator to visit accepting states in the future, but also about exactly 
when such a visit occurs. Technically, our argument uses a ranking argument similar to 
IfTSl (see Appendix |A.2| i, with the notable difference that our ranks are ordinals (< w^), 
instead of natural numbers. We need ordinals to represent how long a player can delay 
visiting accepting states, and how this events nest with each other. Finally, notice that 
the result above implies that the multipebble delayed simulation hierarchy of [5] is 
entirely contained in Cj^, and the containment is strict (Fig.|6]in the appendix). 

Theorem 3. For any NBA Q,k>l and states q,seQ,q ^^/^ s iffq C^/ s. 

4 Jumping-safe relations 

In this section we present the general technique which is used throughout the paper 
to establish that preorders are GFQ. We introduce jumping-safe relations, which are 
shown to be GFQ (Theorem |4|i. In Section |5] we use jumping-safety as an invariant 
when applying refinement transformers. We start off with an analysis of acceping runs. 

Coherent sequences of paths. Fix an infinite word w G S'^ . Let 77 tto, tti , . . . be an 
infinite sequence of longer and longer finite initial paths in Q over (prefixes of) w. We 
are interested in finding a sufficient condition for the existence of an accepting run over 
w. A necessary condition is that the number of final states in tt^ grows unboundedly as i 
goes to u!. In the case of deterministic automata this condition is also sufficient: Indeed, 



in a deterministic automaton there exists a unique run over w, which is accepting exactly 
when the number of accepting stated visited by its prefixes goes to infinity. In this case, 
we say that the 7r,;'s are strongly coherent since they next path extends the previous one. 
Unfortunately, in the general case of nondeterministic au- a,b a 

tomata it is quite possible to have paths that visit arbitrarily 
many final states but no accepting run exists. This occurs 
because final states can appear arbitrarily late. Indeed, con- 
sider Figure [T] Take w — aba^ba^b ■ ■ ■ : For every prefx pjg, i_ Automaton Q. 
Wi = aba?b • • • a* there exists a path tt^ = qq - ■ ■ q - over 
Wi visiting a final state i times. Still, w ^ C^{Q). 

Therefore, we forbid accepting states to "clump away" in the tail of the path. We 
ensure this by imposing the existence of an infinite sequence of indices jQ,ji, ■ ■ ■ s.t., 
for all i, and for all ki big enough, the number of final states in tt^; up to the jrth state 
is at least i. In this way, we are guaranteed that at least i final states are present within 
ji steps in all but finitely many paths. 

Definition 1. Let U :— ttq, tti, . . . be an infinite sequence of finite paths. We say that 
n is a coherent sequence of paths if the following property holds: 

\/i ■ 3j ■3h-\/k>h- i < \'Kk\ A cnt-final(7rfc, j) >i. (1) 

Lemma 3. If U is coherent, then any infinite subsequence U' thereof is coherent. 

We sketch below the proof that coherent sequences induce fair paths. Let II = 
ttq, TTi, . . . be a coherent sequence of paths in Q. Let i = 1, and let ji be the index 
witnessing 7T is coherent. Since the tt^'s are branches in a finitely branching tree, there 
are only a finite number of different prefixes of length ji . Therefore, there exists a prefix 
pi which is common to infinitely many paths. Let 77' = ttq, ttJ^, . . . be the infinite 
subsequence of 77 containing only suffixes of pi. Clearly pi contains at least 1 final 
state, and each tt' in 77' extends pi. By Lemma[3] 77' is coherent. For i = 2, we can 
apply the reasoning again to 77', and we obtain a longer prefix p2 extending pi, and 
containing at least 2 final states. Let 77" be the coherent subsequence of 77' containing 
only suffixes of p2- In this fashion, we obtain an infinite sequence of strongly coherent 
(finite) paths pi,p2, - ■ ■ s.t. pi extends and contains at least i final states. The 
infinite path to which the sequence converges is the fair path we are after 

Lemma 4. Let w G S'^ and ttq, tti, . . . as above. If ttq, tti, . . . is coherent, then there 
exists a fair path p over w. Moreover, if all TTi 's are initial, then p is initial. 

Jumping-safe relations. We established that coherent sequences induce accepting paths. 
Next, we introduce jumping-safe relations, which are designed to induce coherent se- 
quences (and thus accepting paths) when used in quotienting. The idea is to view a 
path in the quotient automaton as a jumping path in the original automaton, where a 
"jumping path" is one that can take arbitrary jumps to equivalent states. Jumping-safe 
relations allows us to transform the sequence of prefixes of an accepting jumping path 
into a coherent sequence of non-jumping paths; by LemmalU this induces a (nonjump- 
ing) accepting path. 




Fix a word w = aoai • • • £ and let Rhe a binary relation over Q. An R- 
jumping path is an infinite sequence 

TT ^ qo Rq^ Rqo qi R q( R qi q2 ■ ■ ■ , (2) 

and we say that tt is initial if qo G /, and fair if qf £ F for infinitely many i's. 

Definition 2. A binary relation R is jumping-safe iff for any initial R-jumping path tt 
there exists an infinite sequence of initial finite paths ttq, tti, . . . over suitable prefixes 
ofw s.t. last(7rj) R qi and, ifn is fair, then ttq, tti, . . . is coherent. 

Tlieorem 4. Jumping-safe preorders are good for quotienting. 

In Section |5] we introduce refinement transformers, which are designed to preserve 
jumping-safety. Then, in Section|6]we specialize the approach to backward direct sim- 
ulation C^J^ 1 20 1, which provides an initial jumping-safe preorder, and which we intro- 
duce next: Cj^J^ is the coarsest preorder s.t. q s implies 1) \l{q' — ^> q) ■ 3{s' 
s) ■ q' s\2)qeF =^ s £ F, and 3) g £ / =^ s e /. 

Fact 2. C^Jj, is jumping-safe and computable in polynomial time. 

5 Refinement transformers 

We study how to obtain GFQ preorders coarser than forward/backward simulation. As a 
preliminary example, notice that it is not possible to generalize simultaneously both for- 
ward and backward simulations. See the counterexample in Fig. |2] where 
any relation coarser than both forward and back- 
ward simulation is not GFQ. Let and ssj?^ be 
backward and forward direct simulation equiva- 
lence, respectively. We have qi w^J^, q2 qs, 
but "glueing together" qi,q2, q3 would introduce 
the extraneous word ba'^. Therefore, one needs to 
choose whether to extend either forward or back- 
ward simulation. The former approach has been 
pursued in the mediated preorders of [JJ (in the Fig- 2. 

more general context of alternating automata). Here, we extend backward refinements. 

We define a refinement transformer tq mapping a relation i? to a new, coarser rela- 
tion To{R). We present tq via a forward direct simulation-like game where Duplicator 
is allowed to "jump" to i?-bigger states — called proxies. Formally, in the tq{R) simula- 
tion game Spoiler's positions are in Q x Q, Duplicator's position are in Q x Q x x Q 
and transitions are as follows: Spoiler picks a transition {{s, q), (s, q, a, q')) £ Fq sim- 
ply when q q' , and Duplicator picks a transition {{s,q,a,q') , {s' ,q')) £ Fi iff 
there exists a proxy s s.t. s R s and s s'. The winning condition is: Vi > ■ £ 
F Si £ F. If Duplicator wins starting from the initial position (s, q), we write 

s tq{R) q. (Notice that we swapped the usual order between q and s here.) 

Lemma 5. For a preorder R, R C- Ro to{R) C to{R). 




Unfortunately, tq (R) is not necessarily a transitive relation. Therefore, it is not im- 
mediately clear how to define a suitable equivalence for quotienting. Figure|2]shows that 
taking the transitive closure of tq (R) is incorrect — already when R is direct backward 
simulation C^J^: Let ^= To(^jJj^,) and let fl We have ~ (?2 ~ 91 d: Qs, 

but qs qi, and forcing qi « q^ is incorrect, as noted earlier. 

Thus, tq{R) is not GFQ and we need to look at its transitive fragments. Let T C 
To(i?). We say that R is F -respecting if q R s A q £ F => s £ F, that T is self- 
respecting if Duplicator wins by never leaving T, that T is appealing if transitive and 
self-respecting, and that T improves on R if R CT. 

Theorem 5. Let R a F -respecting preorder, and let T C to{R) be an appealing, im- 
proving fragment of tq{R). If R is jumping-safe, then T is jumping-safe. 

In particular, by Theorem |4] T is GFQ. Notice that requiring that R is GFQ is not 
sufficient here, and we need the stronger invariant given by jumping-safety. 

Given an appealing fragment T C tq{R), a natural question is whether to(T) im- 
proves on To (i?) , so that tq can be applied repeatedly to get bigger and bigger preorders . 
We see in the next lemma that this is not the case. 

Lemma 6. For any reflexive R, let T C tq{R) be any appealing fragment of tq{R). 
Then, To{T) C tq{R). 

Efficient appealing fragments. By Theorems |4] and |5] appealing fragments of tq are 
GFQ. Yet, we have not specified any method for obtaining these. Ideally, one looks for 
fragments having maximal cardinality (which yelds maximal reduction under quotient- 
ing), but finding them is computationally expensive. Instead, we define a new trans- 
former Ti which is guaranteed to produce only appealing fragments jf| which, while not 
maximal in general, are maximal amongst all improving fragments (Lemma|7]i. 

The reason why to{R) is not transitive is that only Duplicator is allowed to make 
"i?-jumps". This asymmetry is an obstacle to compose simulation games. We recover 
transitivity by allowing Spoiler to jump as well, thus restoring the symmetry. For- 
mally, the Ti(i?) simulation game is identical to the one for to{R), the only differ- 
ence being that also Spoiler is now allowed to "jump", i.e., she can pick a transition 
((s, q), (s, q, a, q')) £ Fq iff there exists q s.t. q R q and q — ^ q'. The winning condi- 
tion is: \/i > ■ qi £ F => Si £ F. Let s ti{R) q if Duplicator wins from position 
(s, q). It is immediate to see that ti{R) is an appealing fragment of to{R), and that ri 
is improving on transitive relations i?'s. Thus, for a preorder R, R C ti{R) C to{R). 
By Theorems |4] and |5] ti{R) is GFQ (if R is i^-respecting). 

It turns out that ri (R) is actually the maximal appealing, improving fragment of 
To (R) . This is non-obvious, since the class of appealing T's is not closed under union — 
still, it admits a maximal element. Therefore, ti is an optimal solution to the problem 
of finding appealing, improving fragments of tq{R). 

Lemma 7. For any R, let T C to{R) be any appealing fragment of tq{R). If R ^ T 
(i.e., R is improving), then T C ti{R). 

^ Ti needs not be the only solution to this problem: Other ways of obtaining appealing fragments 
of To might exist. For this reason, we have given a separate treatment of to in its generality, 
together with the general correctness statement (Theorem |5]l. 



5.1 Delayed-like refinement transformers 

We show that the refinement transformer approach can yield relations even coarser than 
Ti . Our first attempt is to generalize the direct-like winning condition of tq to a delayed 
one. Let Tq" be the same as tq except for the different winning condition, which now is: 
Wi > ■ Qi G F => 3j > i ■ Sj e F. Clearly, Tq*^ inherits the same transitivity issues of 
To- Unfortunately, the approach of taking appealing fragments is not sound here, due to 
the weaker winning condition. See Figure |7]in the Appendix for a counterexample. 

We overcome these issues by dropping Tq*^ altogether, and directly generalize ti 
(instead of tq) to a delayed-like notion. The delayed refinement transformer rf^ is like 
Ti , except for the new winning condition: Vi > 0-qiGF 3j > i-sjGF. Notice that 
Ti^{R) is at least as coarse as ti{R), and incomparable with to{R). Once R is given, 
rf^iR) can be computed in polynomial time. See Appendix ID] 

Lemma 8. For any R, Tf^{R) is transitive. 

Theorem 6. If R is a jumping-safe F-respecting preorder, then Tf''{R) is jumping-safe. 

6 Proxy simulations 

We apply the theory of transformers from Section 0to a specific F-respecting pre- 
order, namely backward direct simulation, obtaining proxy simulations. Notice that 
proxy simulation-equivalent states need not have the same language; yet, proxy sim- 
ulations are GFQ (and computable in polynomial time). 

6.1 Direct proxy simulation 

Let direct proxy simulation, written , be defined as Exy-= [■'■i(Ebw)]^^- 
Theorem 7. C^J, is a polynomial time GFQ preorder at least as coarse as 

Proxies vs mediators. Direct proxy simulation and mediated preorder [1] are in general 
incomparable. While proxy simulation is at least as coarse as backward direct simu- 
lation, mediated preorder is at least as coarse as forward direct simulation. (We have 
seen in Section|5]that this is somehow unavoidable, since one cannot hope to generalize 
simultaneously both forward and backward simulation.) 

One notable difference between the two notions is that proxies are "dynamic", while 
mediators are "static": While Dupicator chooses the proxy only after Spoiler has se- 
lected her move, mediators are chosen uniformly w.rt. Spoiler's move. 

In Figure [3(a)] we show a simple example where achieves greater reduction. Re- 
call that mediated preorder M is always a subset of Cj!^ o(IZj^^)^i [1]. In the example, 
static mediators are just the trivial ones already present in forward simulation. Thus, 
Cj!^ o(E]^J^)~i =!=fw ^^'^ mediated preorder M collapses to forward simulation. On the 
other side, p q and p' q^. Letting s ~ [p, q\ and s' — [p', g^], we obtain the 
quotient in Figure [3(b)| 
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(a) Original automaton. 




a 

(b) Quotient automaton. 



Fig. 3. Direct proxy simulation quotients. 
6.2 Delayed proxy simulation 

Another difference between the mediated preorder approach |[T] and the approach through 
proxies is that proxies directly enable a delayed simulation-like generahzation (see Sec- 

di 

bw 



tion |5.1t . Again, we fix backward delayed simulation Cj^J^ as a starting refinement, and 



we define delayed proxy simulation as C^y-^ bw)] ^■ 



Theorem 8. is a polynomial time GFQ preorder. 



Notice that delayed proxy simulation is 
at least as coarse as direct proxy simula- 
tion. Moreover, quotients w.rt. can be 
smaller than direct forward/backward/proxy 
and delayed simulation quotients by an ar- 
bitrary large factor See Figure 21 Forward 
delayed simulation is just the identity, and 
no two states are direct backward or proxy 
simulation equivalent. But qi Cj^J^, s for any 
< i < fc — 1. This causes any two outer 
states qi,qj to be cj^-equivalent. Therefore, 
the C^^-quotient automaton has only 2 states. 




Fig. 4. 



7 Conclusions and Future Work 



We have proposed novel refinements for quotienting Biichi automata: fixed-word de- 
layed simulation and direct/delayed proxy simulation. Each one has been shown to 
induce quotients smaller than previously known notions. 

We outline a few directions for future work. First, we would like to study practical 
algorithms for computing fixed-word delayed simulation, and to devise efficient frag- 
ments thereof — one promising direction is to look at self-respecting fragments, which 
usually have lower complexity. Second, we would like to exploit the general correctness 
argument developed in Section |4] in order to get efficient purely backward refinements 
(coarser than backward direct simulation). Finally, experiments on cases of practical 
interest are needed for an empirical evaluation of the proposed techniques. 
Acknowledgment. We thank Richard Mayr and Patrick Totzke for helpful discussions, 
and two anonymous reviewers for their valuable feedback. 
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A Proofs and additional material for Section |3] 




a 




a 



(a) The original automaton A. 



(b) The quotient automaton 
Ak:, with q = {po,Pi} the 
new quotient state. 



Fig. 5. An example showing that delayed containment cannot be employed for quo- 
tienting. We have that po is delayed containment equivalent to pi. Notice that the au- 
tomaton A in |(a)| does not accept a", but the quotient automaton A^ in |(b)| obtained by 
identifying Po andpi, does. 

We postpone the proof of Theorem [T] until Section|E] 



Fig. 6. Fixed-word delayed simulaton quotients can achieve arbitrarily high compres- 
sion ratios. 



A.l Alternating Biichi automata 

Below, we give a self-contained definition of alternating Biichi automata. The syntax 
follows the presentation of II2TI . while tbe semantics adheres to |7|. 

For a set A, let (A) be the set of positive boolean formulas over A, that is, (A) 
is the smallest set containing AU {true, false} and closed under the operations A and 
V. For a formula ip G B^ (A) and a set X C A, we write X ^ 1^9 iff the truth assignment 
assigning true to elements in X and false to the elements in A \ X satisfies ip. An 
alternating Biichi automaton (ABA) is a tuple A = {A, S, 5, a), where A is a finite 
set of states, is a finite set of input symbols, S : A x S ^^ i3+ {A) is the transition 




relation and a C A is the set of accepting states. Acceptance of an ABA A is best 
defined via games Q. In this context, the two players are usually named Automaton 
and Pathfinder Given an infinite word w = aooi • • • G and a distinguished starting 
state pj, the acceptance game for w from pj is a game where Pq ^ Q x lj is the set of 
Automaton's positions, Pi = Q x 2*^ x cj is the set of Pathfinder's positions, (p/, 0) 
is the initial position, and transitions are determined as follows. Automaton can select 
a transition {{p, i), {p, p', i)) iff p' 6{p, flj), and Pathfinder can select a transition 
{{p, p', i), (p', i + 1)) iff p' G p'. Finally, the winning condition consists of those paths 
visiting a infinitely often. A state p ^ A accepts w G S'^ iff Automaton wins the 
acceptance game for w from p. A state p is universal iff it accepts every word w G 

A.2 Proof of Theorem |3] 

Preliminaries on ordinals. Let lu be the least infinite ordinal, and let uji be the set of all 
countable ordinals. We denote abitrary ordinals by a or /?, and limit ordinals by A or /x. 
In this paper, is considered to be a limit ordinal. 

Preliminaries on trees. Let [n] = {0, 1, . . . , n — 1}. A tree domain is a non-empty, 
prefix-closed subset V of [n]*. With <pif we denote the prefix order on words; if u <prf 
u', then u' is called a descendant of u and u is an ancestor of u'. In particular, if u' = uc 
for some c G N, then u' is a child of u. A (labelled) L-tree is a pair (y, t), where is a 
tree domain and t -.V ^ Lis a. mapping which assigns a label from L to any node in 
the tree. 

The ranking construction. Len Q — {Q, S, I, A, F) be an automaton, and let n be the 
cardinality of Q. Given an infinite word w = agai • • • G we associate to any state 
g G Q a tree domain and a Q-tree (T^,t^), the unravelling of Q from q while 
reading w, by applying the following two rules: 

- eeT^ andi^"(e) = q. 

- If w has length i, w G T™, f^iu) = p and A(p, ai) — {pQ,pi, . . . ,p5._i}, then, for 
any j s.t. < j < fc, uj G T™ and f^iuj) = p'j. 

It is easy to see that if two nodes at the same level have the same label, then they 
generate isomorphic subtrees. Therefore, we can "compress" (r™,i™) into an infinite 
DAG = {V, E), where F C Q x N is such that (g, I) <E V iff there exists a node 
in {T^, f^) at level / with label q, and ((g, I), {q' , I + 1)) G E iff there exist two nodes 
u and u', labelled with q and q', respectively, s.t. u' is a child of u in {Tq ^t^). We say 
that a vertex (q, /) is accepting iff q ^ F. 

For any G C G^, we say that a vertex (q, I) is a dead end in G iff it has no successor 
in G, and we say that it is inert in G iff no accepting vertex can be reached from {q, I) in 
G. In particular, an inert vertex is not accepting. The girth of G at level / is the maximal 
number of vertices of the form {q, I) in G, and the width of G is the maximal girth over 
infinitely many levels. 

We build a nonincreasing transfinite sequence of DAGs {Gq | a < wi} as follows: 

— "-Tg 

Gq+1 — Ga \ {{q, I) I {q, I) is a dead end in Gq} 
Gx=Hx \ {{q, I) I {q, I) is inert in Hx}, 



where, for any ordinal a, Ha — Clp^a^P- Notice that — Ga', and a < /3 

impHes C Ga- 

Assume that there is no path in with an infinite number of accepting vertices. As 
a direct consequence of Konig's Lemma, we have that when moving from H\ to Ga an 
infinite path is removed from the graph. Therefore, the width of Ga is strictly less than 
the width of Hx- Since the width of G™ is (uniformly) bounded by uj, it follows that 
H^2 is empty, and thus G^2 is empty as well. Therefore, each vertex is either a dead 
end in Ga or inert in H\. In the former case {q, I) is in Ga but not in Ga+i, whereas in 
the latter case {q, I) is in H\ but not in Ga. Accordingly, we associate an ordinal rank 
to every vertex {q, I) in G™: 

rank™(q, /) = sup {a \ {q,l) G Ha} ■ (Rank) 

Therefore, under the assumption that G™ does not contain any fair path, no vertex 
receives rank oj^. On the other side, if G™ contained a fair path, then there exists an 
infinite path of non-inert vertices starting at {q, 0): In this case, the ranking construction 
"does not terminate" and stabilizes (at most) at a nonempty Gi^2 = Ga 7^ for all 



a > Lu^. Thus, vertices in G^2 would receive rank according to (Rank) Since no 



conflict can arise, we drop any assumption about fair paths thereafter, and we uniformly 



apply (Rank) in either case 



Remark 1. It is clear from (Rank) that no ordinal larger than oj^ is actually used in our 
construction. In fact, we could have given an equivalent presentation in terms of pairs 
of natural numbers ordered lexicographically. However, we have chosen to use ordinals 
< oj^ for technical convenience. 

Remark 2. A vertex (g, I) is in Ha iff it has rank > a, and it is in not in Ga iff it has 
rank < a. Therefore, rank™((3', I) = a <;==> (g, I) G Ha \ Ga- 

Lemma 9. If a vertex {q, I) is accepting, then it has rank a + 1. Furthermore, if it has 
rank A + 1, then it is accepting. 

Proof. The first part follows from the fact that an accepting vertex (q, /) is not inert: 
Therefore, (q, /) is a dead end in Ga, so (q, /) ^ Ga+i and rank™(g, I) = a + 1. 

For the second part, assume rank™(q, /) — A+l,i.e., (<?,/) e Ga\ Ga+i- Therefore, 
(g, I) is a dead end in Ga. Since Ga ^ H\, {q, I) is in H\ as well. But H\ has no dead 
ends, therefore {q, I) has at least one successor (q', I + 1) in H\. But (q, I) is a dead 
end in Ga, therefore any such successor (g', Z + 1) is not in Ga- Therefore, (g', I + 1) 
is inert in Hx. 

By contradiction, assume (g, /) that is not accepting. Since it has only inert succes- 
sors (g', / + 1) in Hx, it is itself inert in Hx. But (g, I) £ Ga, so (g, /) is not inert in 
Hx. This is a contradiction, therefore (g, I) is accepting. □ 

We say that a vertex (g', / + 1) is a maximal successor of (g, I) if its rank is max- 
imal amongst all successors of (g, I), and a sequence (go, 0(91' ^ + 1) ' ' ' (<Z/i, I + h) 
is a maximal path if, for any > k < h, {qk+i, I + k) is a maximal successor of 
(qkj + k-l). 



We define a predecessor and a floor operation on ordinals. For an ordinal a, its 
predecessor a — 1 is either a itself if a is a limit ordinal, or (3 if a — /3 + I for some 
/3; its floor [a] := sup;^^^ A is the largest limit ordinal strictly smaller than a. Notice 
that, for < a < w", [a] < a. 

Lemma 10. Let vertex (q, I) have rank a. Then, a) every successor {q' ,1 + 1) has rank 
at most a — 1, and b) there exists a maximal successor attaining rank a—l.As a direct 
consequence, c) every node {q' , I') reachable from {q, I) has a smaller rank a' < a. 

Proof. We split the proof in two cases, depending on whether a is a successor or limit 
ordinal. Let a be a successor ordinal f3 + 1. Then, {q, I) is a dead end in Gp, and thus it 
has no successor in Gp. Therefore, each successor {q' , I + 1} has rank < (3. Moreover, 
we show that at least one successor has rank exactly equal to /3. To this end, let (3* < f3 
be the maximum rank amongst {q, l)'s successors. Notice that no successor {q' , I + 1) 
is in G/s* . As Gp C Gp* , it follows that (q, I) is a dead end in Gp* . Therefore, (q, I) is 
not in G/3-+1, which implies it has rank at most /3* + 1 < /3 + 1. But rank^'(g, = (3 + 1 
by assumption. Therefore, /3* = (3, as required. 

Otherwise, let a be a limit ordinal A. Thus, {q, I) is inert in H\. Let {q' , I + 1) he 
a successor of {q, I). If {q' , I + 1) is not in H\, then, since Gx C H\, {q' , I + 1) is 
not in Gx either. Thus, {q' ,1 + 1) has rank < A in this case. Otherwise, let {q' ,1 + 1) 
be in H\. Since {q, I) is inert in Hx, it follows that {q', I + 1) is inert in Hx as well. 
Therefore, {q' ,1 + 1) gets rank exactly equal to A in this case. Finally, since Hx does 
not contain dead ends, there exists at least one such inert successor in Hx- □ 

Lemma 11. If a vertex (go, I) has a successor ordinal rank a + 1, then there exists a 
maximal path {qo,l){qi,l + 1) ■ ■ ■ {qh, I + h) ending in {qn, I + h) of rank A + 1 with 
[a + IJ < A. 

Proof. We proceed by ordinal induction. If a is a limit ordinal A, the claim holds im- 
mediately: Take /i = 0; clearly, A = [A + Ij . 

Otherwise, let a be a successor ordinal /3 + L That is, vertex (go,0 hasranka + l = 
(/? + 1) + 1. By Lemma [TOl b). ((7o,0 has a maximal successor {qi,l + 1) of rank 
(3 + 1 = a. By induction, there exists a maximal path {qi,l + 1) ■ ■ ■ {qh, I + h) with 
/i > 0, ending in {q^, I + h) of rank A + 1 with [/? + Ij < A. But (3 = a + 1, thus 
[(3 + l\^[a + l\<\. □ 

Lemma 12. If a vertex (go, nonzero limit ordinal rank A, then there exists a 

path (go, ' + 1) • ■ • {qh, I + h) with h > 1 ending in {q^, I + h) of rank a + 1 
with [AJ < a. 

Proof. Let (go, have rank A > 0. By contradiction, assume (go, has no descendant 
(g'j V) of rank a + 1 with [AJ < a. That is, all descendants (g', /') of successor ordinal 
rank a +1 have a < [AJ, which is the same as a+1 < [AJ . By definition, (go, /) is inert 
in ^^A ^ Hyx\ ■ We show that (go, /} is inert in Hyx\ as well. This is a contradiction, 
since A is nonzero, therefore (go, /} would get rank [AJ < A. 

To this end, we show that any vertex reachable from (go , in Hyx\ is non-accepting. 
For such a vertex (g', /') to be accepting, by Lemma|9] it is necessary to have successor 
rank a + 1 < [AJ . Clearly, (g', ^ Hyx\ ■ Therefore, (go , I) is inert in Hyx\ ■ □ 



Lemma 13. Letw e Z"". //rank^^(qo,0) < rank,"'^(so,0), then qo so- 

Proof. Assume rank™ (go, 0) < rank^^ (sq, 0). We show that Duphcator has a winning 
strategy in G'^{qo, sq). For any round i, let {qi, Si) be the current configuration of the 
simulation game, and let the rank of Spoiler and Duplicator at round i be rank™ {qi,i) 
and rank™ (si,i), respectively. Intuitively, Duplicator wins by ensuring both a safety 
and a liveness condition. The safety condition requires Duplicator to always preserve 
the ordering between ranks. I.e., at round i, rank™ (g^, i) < rank™ {si,i). The liveness 
condition enforces Duplicator to (eventually) visit an accepting state if Spoiler does so. 

Duplicator plays in two modes, normal mode and obligation mode. In normal mode 
Duplicator only enforces the safety condition, while in obligation mode Duplicator 
needs to satisfy the liveness condition, while still preserving the safety condition. 

In normal mode, we asssume that Duplicator's rank is a limit ordinal, and, by 
Lemma [TOl Duplicator can preserve the rank by always selecting maximal successors. 
We say that Duplicator p/ay,? maximally during normal mode. The game stays in normal 
mode as long as Spoiler is not accepting. Whenever qi E F at round i, then Duplica- 
tor switches to obligation mode. Suppose that the current rank of Duplicator at round 
i is a limit ordinal A. Since qi e F, by Lemma |9] Spoiler's rank is a successor ordinal 
a + 1 < X. W.l.o.g. we assume that Spoiler plays maximally during obligation mode. 
By Lemma nn there exists a maximal path {qi , i) {qi+i ,i + 1) ■ ■ ■ {qj , j) s.t. Spoiler's 
rank at round j > i is A' + 1. A further move by Spoiler extends the previous path to 
ilj+i^j + 1)- I^y Lemma [Tolb). Spoiler's rank at round j + 1 is now A', and by part 
c) of the same lemma. A' < a + 1. By part b). Duplicator can play a maximal path 
{si,i){si+i,i + 1) • ■ • (sj+i,j + 1) s.t. Duplicator's rank at round j + 1 is A. Thus, 
A' < A, which implies A' < [AJ. So, let {qj+i, Sj+i) be the configuration at round 
j + 1. By Lemma[T2l Duplicator can play a path (sj+i, j + l){sj+2,j + 2) ■ ■ ■ {sk, k) 
with k > j + 1 and s.t. Duplicator's rank at round fc is a' + 1 with [AJ < a' . There- 
fore, A' < a'. By Lemma [TTl Duplicator can extend the previous path with a maximal 
path (sfc, k){sk+i, k + 1) ■ ■ ■ (sh, h) s.t. Duplicator's rank at round h > fc is A" + 1 
with [a' + IJ < A". By Lemma|9l Sh G F, thus Duplicator has satisfied the pending 
obligation. At round h + 1, Duplicator's rank is A" by Lemma [TOlb'). and the game can 
switch to normal mode. Notice that A' < a' < a' + 1 implies A' < [a + Ij . Therefore, 
A' < A" and the safety condition is satisfied. □ 

Lemma 14. Letw e Z"^ andk > I. Ifqo C^'''' sq, then rank™ (go, 0) < rank™ (so,0) 

Proof. We prove the contrapositive. Assume rank™ (go, 0) ^ rank™ (so,0). Since or- 
dinals are linearly ordered, this means rank™ (go, 0) > rank™ (sq, 0). We have to show 
9o 2^"'^'' ■So, for arbitrary fc > 1. Take n to be the size of the automaton. We actually 
prove that Duplicator does not win even with n pebbles, i.e., go ^-S) '^'^ so- 

For any round i, let {qi,Si) be the current configuration of the simulation game 
Gw'^^ilOy ^o)- (For simplicity, we omit the third component.) Notice that identifies a 
subset of vertices at level i in G™ : C {s | (s, i) G G™ }. We extend the notion of 
rank to sets of vertices by taking the maximal rank. That is, the rank of Duplicator at 
round i is sup^gg. rank™ (s, i). As before. Spoiler's rank is just rank™ (g^, i). 

We assume that, at round 0, every pebble has limit rank. If not. Spoiler can enforce 
such a situation by waiting a suitable number of rounds. (I.e., by playing maximally 



according to Lemma[TO]) So, let's Spoiler have limit rank A and Duplicator have limit 
rank /i, with A > /i. We assume that Duplicator always plays maximally, unless she is 
forced to act differently. By Lemma [TZi Spoiler can play a path {qo, 0){qi, 1) • • • {qi,i) 
with i > 0, s.t. her rank at round i is a + 1 and a > [AJ . From A > /i we have [AJ > 
which implies a > /i. By Lemma (TT] Spoiler can extend the previous path with a 
maximal path {qi, i){qi+i, * + 1) • • • (<Zj : i) with j > i, s.t. her rank at round j is A' + 1 
and A' > [a + Ij . By Lemma|9] qj G F. From a + 1 > a > ^we have [a + Ij > /x, 
which implies A' > /i. By performing a further maximal step. Spoiler reaches state 
{qj+i,j + 1), thus attaining rank A'. From now on. Spoiler plays maximally. 

Since Duplicator was playing maximally, in the meanwhile she replied to Spoiler 
with a sequence (sq, 0)(si, 1) • • ■ (sj+i, j + 1) s.t. she has rank /i at round j + 1. 

Now, let (f/j+i, Sj+i) be the current configuration, and remember that Duplicator 
has a pending obligation. That is. Duplicator has to ensure that at some future round k 
all pebbles are good since round j + 1. Let be the position of pebbles at round k. 
This implies that every state in has an accepting predecessor since round j + 1. By 
Lemma|9] accepting pebbles receive successor ranks, and, since ranks are nonincreasing 
along paths in (by LemmafTOli, it follows that every pebble in has rank < /i. That 
is. Duplicator's rank at round k is < /i. Since Duplicator has now satisfied the pending 
obligation, she will again play maximally, from round k on. By LemmajTO] all pebbles 
eventually stabilize to a limit rank. Since there is a finite number of pebbles, it follows 
that at some round h > k Duplicator's rank is /i' < fi. Let be the position of 
Duplicator's pebbles at round h. 

In the meanwhile Spoiler replied with a maximal path {qj+i,j + 1) • ■ (q^, pre- 
serving rank A' > /i > /i' until round h. Therefore, A' > /i' and the situation at round 
h is identical to the initial situation at round 0. 

Since ordinals are well-founded. Spoiler can iterate the whole procedure and after a 
finite number of repetitions Duplicator hits the trap rank cj. At that point. Spoiler would 
have a limit rank A" > lj, so she will just force one more obligation, which would remain 
unmet (vertices of rank oj have no accepting successor). Thus, Spoiler wins. □ 

Theorem|3l For any NBA Q, k > I and states q,s eQ, q cj-; * s iffq C^/ s. 
Proof. By combining the previous two lemmas, we get 

qnf^s =^ q^^^'s ^ (rank^(<z,0)<rank™(s,0)) =^ q s , 

where the first implication holds by the definition of ^f^'^'', and the last two by Lem- 
mas [14] and [13] respectively. 

B Proofs for Section H 

Lemma [3] Let w G Z"" and ttq, tti, . . . as in Definition \l\ If FI — ttq, tti, . . . is 
coherent, then any infinite subsequence 77' = f(o)^ f(i)^ ■ ■ ■ thereof is coherent. 

Proof. Let 77 := ttq, tti, . . . be an infinite coherent sequence, and let 77' := 7rj(o), 7rj(i), 
be any infinite subsequence thereof, for some / : N i-^- N with /(O) < /(I) < • ■ • . We 



have to show 



Vi' • 3j' ■ 3h' ■ W > h'-f < A cnt-final(7r/(fc,),/) > i' . 

Let i' £ N. By taking i := i', by the coherence of 77, there exists j, h s.t 

(*) Vfc > /i • j < iTTfcl A cnt-final(7rfc, j) > i' . 

Let h' be the minimal m s.t. /(m) > h. For any k' > h', we have f{k') > f{h') > h. 
Thus, by letting k :— f{k') in (*), we obtain j < \TTf{ki) \ A cnt-final(7r^(fc/), j') > i' . 
Take j' := j. Since k' > h' was arbitrary, we have proved that 77' is coherent. □ 

Lemma |4l For w G U'^, let 11 — ttq, tti, . . . be a coherent sequence of paths over 
(prefixes of) w. Then, there exists a fair path p over w. Moreover, if all TTi 's are initial, 
then p is initial. 

Proof. Let 77 :— ttq, tti, . . . be a coherent sequence. We prove by induction the fol- 
lowing claim: For I e N, R{1) holds iff there exists a finite sequence of finite paths 
Po <prf Pi <prf • ■ • <prf Pi, with pi of length mi, and an infinite subsequence 77( := 
'^/i(o)''^/i(i)' ■ • ■ of77 with/,(0) < < such that 

(a) cnt-final(p;,TO;) > / (6) 77; is coherent (c) Vfc • pi <prf 7r^,(fc) . (3) 

For the base case / = 0, take po := £ of length mo := 0, and /o(i) = i for any i. 
Then, Tfo = 77 and 7?(0) holds. 

For the inductive step, assume R{1 — 1) holds. That is, there exist po <prf Pi <prf 
■ ■• <prf Pi-i, with of length m;_i, and 77;_i = 7r^,_j(o),7r^,_i(i), . . . with 
pi-i <prf ^/i_i(fc) for ^ny fc- Since 77;_i is coherent, by taking i I, there exist j 
and h s.t., for any tt in the sequence TTf,_-^(h), '^fi-i{h+i), • . • , tt has length at least j and 
cnt-final (tt, j) > I. Since the various tt's are branches in a finitely-branching tree, it fol- 
lows that at any fixed depth d there are only finitely many different branches of length d. 
Therefore, there exists a least one such finite branch which is shared by infinitely many 
tt's. For d = j, we get that there exists a finite path p' of length j s.t. cnt-final(p', > I 
and p' <prf TT for infinitely many such vr's. Let 77; ■^g{fi_i{h)),T^g{fi_^{h+i)), ■ ■ ■ 
be this infinite subsequence. We assume w.l.o.g. that m;_i < j, and, consequently. 
Pi <prf p'- Take fi-=go pi p' and to; := j. Then, (a) and (c) are satisfied by 
construction, while (b) follows by Lemma|3] This proves R{1), concluding the inductive 
step. 

Therefore, one can build the infinite sequence of finite paths e = po <prf Pi <pif • • • 
such that, for any I, pi visits at least I final states. Take p to be the limit of the /9;'s. 
Finally, since pi <pif ttj^ (q) by property (c), it follows that if all TTi's are initial, then so 
is TT (0) ^ and thus p. □ 

Theorem|4j Let Rbe a jumping-safe preorder Then, R is good for quotienting. 

Proof. Assume 7? is jumping-safe and let be the equivalence induced by 7?. We have 
to show £"(2) = £"(Qa,^). The direction £"(Q) C C^iQ^J holds by LemmalU 



For the other direction, assume w e £"(Q^„), with w = oofli • ■ • e S'^. Let 
TT^j, = [90] [qi] [92] • ■ • be an accepting run over w in Q^„. By the definition 
of quotient, for any i, there exist states qi,qf , Qi d Q s.t. qi R qf R qi and qi qi+i- 
That is, 7r~^ induces a jumping path tt as in Equation |2] Moreover, qf can be taken 
in F if [^i] is accepting. Since [go] is initial, we assume w.l.o.g. that go £ I- Since 
i? is jumping-safe and tt is both initial and fair, there exists a coherent sequence of 
initial paths ttq, tti , . . . over prefixes of w. By LemmalU there exist an (non-jumping) 
accepting run over w in Q. Therefore, w G C^{Q). □ 

C Proofs for Section |5] 

Lemma ID For a preorder R, R C Ro to{R) C to{R). 
Proof. Directly from Lemmas [TS] and [TSlbelow. 
Lemma 15. For any reflexive R, RQ tq{R). 

Proof. Let T to{R), and assume s Rq. We have to show s T q. Let's Spoiler select 
a and q' s.t. q q'. Since s R qhy assumption. Duplicator can directly take s := q. 
Trivially q E F =^ s G F, as required by the winning condition. □ 

Lemma 16. For any transitive R, Ro tq{R) C tq{R). 

Proof. Let T := to{R), and assume s R s T q. We have to show s T q. Let's Spoiler 
select a and q' s.t. q q'. Since s T q by assumption. Duplicator can select s s.t. 
s Rs and s s', for some s'. Then, by transitivity, s R s. As q £ F =^ s G F (by 
s T q), we conclude that DupUcator wins from s as well, thus sT q. □ 

Theorem |5j Let R a F-respecting preorder, and let T <Z tq (R) be an appealing, 
improving fragment of tq{R). If R is jumping-safe, then T is jumping-safe. 

Proof. Assume that R is jumping-safe and F-respecting, and let T be an appealing, 
improving fragment of to{R). That is, T is a self-respecting and transitive fragment of 
To(i?), with R Q T. We have to show that T is jumping-safe. To this end, let w = 
aofli • • • G and let the following be an initial T-jumping path 

TT = qaT q^ T qo — > qiT q^ T qi — > q2 ■ ■ • , qo & I ■ 

First, we show by induction the following claim: For any i > 0, there exists a finite 
initial path 

Pi ^ro Rro — > ri R n — > • • • r^, ro G / , 

s.t. ri T qi, and, for any < k < i, qf E F => G F. 

For i = 0, just take tq :— qo. For i > 0, assume pi — vq R fo ri - ■ -rt 
has already been built. Since qf T qi — ^ qi+i, by the definition of T there exists 
qf q' for some qf and q' with qf R qf and q' T qi+i. But qi T qf and, by 
induction hypothesis, n T qi. Since T is transitive, we get Vi T qf, so there exists 



fi — ^ r^+i with Ti R fi and Vi+i T q'. Again by transitivity, we get rj+i T qi+i. 
Moreover, if q[ G F, then since R respects final states, we have qf E F, and, by the 
definition of T, we finally derive € F. Thus, we have just built pi^i = ro Rfo 



From the claim above, let p be the infinite initial i?-jumping sequence resulting by 
taking limit of the p/s. Since R is jumping-safe, there exists an infinite sequence of 
initial finite paths ttq, tti, . . . s.t. last(7ri) R Ti. By assumption i? C T, so last(7ri) T ri 
holds as well. By T qi and transitivity, we obtain last(7ri) T qi. Therefore, the same 
sequence ttq, tti, . . . can be taken as a witness for T being jumping-safe. 

Finally, assume that tt is fair, i.e., qf G F for infinitely many i's. By the claim 
above, ri € F for infinitely many i's, therefore p is fair as well. Since R is jumping- 
safe (by taking rf : = , R being reflexive), we finally infer that ttq , tti , . . . is coherent, 
which concludes the proof. □ 

Lemma|6l For any reflexive R, let T C to[R) be any appealing fragment of tq{R). 
Then, tq(T) C tq(R). That is, at the second iteration tq does not introduce any new 
fragment which could not be found before. 

Proof. Let R be reflexive. Let T be an appealing (= transitive and self-respecting) frag- 
ment of Vq := To{R), and let Vi := tq{T). We have to show Vi C Vq. To this end, 
let s Vi q and let Spoiler choose a transition q q' . By the definition of Vi, there 
exist sT s and s' with s s' and s' Vi q' . By the definition of T, there exist s R s 
and s' with s s' and s' T s' (since T is self-respecting). T being transitive, from 
s' Vi s' T q' and from LemmafTSl we get s' V\ q' . Thus, we let Duplicator choose s and 
s' above, as required by the definition of Vq. Duplicator is winning as q e F implies 
s € F, and the latter implies s E F, the first implication holding by the definition of 
Vi, and the second by T. Therefore, s Vq q. □ 

Lemma 17. For any relation R, ti (R) is transitive. 

Proof. Let T ti (R), and let s T r T p. We have to show s T p. Let Spoiler choose 
a and p and p' s.t. p R p and p p'. We have to show 1) that Duplicator can choose s 
and s' s.t. s R s and s s', and 2) p £ F s & F. For 1), from r T pit follows 
that there exist f and r' s.t. r Rf and f r' . Then, from sT r one can directly find 
the required s and s' . For 2), assume p E F. From r T p it follows that the f found 
above is in F as well. Finally, s E F follows from s T ?- in a similar way. □ 

Lemma 18. For any transitive R, R ^ 

Proof. Let T := ti (R), and assume s Rq. We have to show s T q. Let's Spoiler select 
a and q and q' s.t. q R q and q q'. Since s i? q by assumption, and from R being 
transitive, we have s R q. Thus Duplicator can directly take s := q. Finally, trivially 
q E F => s e F, as required by the winning condition. □ 




n - ■ - TiRfi 



a 



ri+i. This concludes the inductive step, and the claim is proved. 




Lemma |7j For any R, let T C to{R) be any appealing fragment of tq{R). If R ^ T 
(i.e., R is improving), then T C ti{R). 

Proof. Let i?, T as in the statement of the lemma, and let ti{R). We have to show 
T CV. Let qT p, and let Spoiler choose p and p' with p Rp and p p', as required 
by the definition of V. Then, as i? C T by assumption, and T being transitive, we have 
qT p. Therefore, by the definition of T, Duplicator can choose q and q' with q Rq and 
q — > q' . Since T is self-respecting, we have p' T q'. Finally, p £ F J e by 

the definition of T. Therefore, Duplicator is winning, and qV p. □ 



Fig. 7. Quotienting w.rt. appealing fragments of Tq is incorrect, already for unary 
automata. We have (73 Cj^J^ 52 and (74 q2, and the relation T :— {{qi, qi) \ < i < 
6}U{(g„g6) I < I < 6}U{(g,,(Zj) | 2 < i,j < 4}U {{q„q5) | 2 < i < 4} is an 
appealing fragment of TQ''{n-^^). (In particular, q^ Tq''{[='^v/) 94 since q^ can "jump" to 
52-) The equivalence induced by T identifies the states 92, 53, qi, but this is incorrect as 
the resulting automaton would accept the spurious word a'^ . 



Lemma m For any R, rf'^iR) is transitive. 

Proof. A complete and formal proof of transitivity requires the machinery of logbooks 
and composition of (winning) strategies, which is a standard tool for delayed simulation 
(for more details see, e.g., fj]). Here, we highlight the ingredients pertinent to rf'^. 

Let T := rf^iR), and let r T q T p. We have to show r T p. Let Gq be the game 
between r and q, let Gi be the game between q and p, and let G be the outer game 
between r and p. 

The idea is that Duplicator plays G and at the same time updates Go, Gi accord- 
ingly. At round i, if the G-configuration is {ri,pi), then there exists qi s.t. the Go con- 
figuration is {ri,qi) and the Gi configuration is {qi,pi). 

Let Spoiler choose p and transition p Pi+i, with pi R p. Since Gi-Duplicator 
is winning, there exist q and transition q qi+i, with qi R q. Similarly, Go-since 
Duplicator is winning, there exist f and transition f with Vi R f. Thus, 

Duplicator can proceed in G by taking the last transition above. The configuratons are 
updated as follows: The game Go goes to (r^+i, (7^+1), Gi goes to {qi^i,pi^i) and G 
goes to (ri+i,pi+i). 

We now argue that the strategy above is winning. W.l.o.g. we assume that the games 
Go, Gi are updated according to a fixed winning strategy. We show that Duplicator is 




winning in G. Assume pi G F. Since Gi-Duplicator is playing according to a winning 
strategy, there exists k> i s.t. qk £ F. Similarly, as Go -Duplicator is playing according 
to a winning strategy, there exists j > k > i s.t. fj G F. Thus, take j > i s.t. fj £ F, 
as required. □ 

Lemma 19. For any transitive R, R C Tf'^{R). 

Proof. Immediate from R C ti{R) by Lemma [TSl and ti{R) C Tf'^{R) by definition. 

□ 

Theorem|6) IfR is a jumping-safe F -respecting preorder, then Tf''(H) is jumping-safe. 

Proof. Assume that R is a jumping-safe, F-respecting preorder, and let T :— Tf^{R). 
We have to show that T is jumping-safe. During the proof we refer to Figure |8] hereafter 
called "the diagram". Let w = aofli • • • £ U'^, and let vr be an initial T-jumping path 

TT = qoT T qo — > qiT q^ T qi — > q2 ■ • • , qa ^ I ■ 

See the blue path in the diagram. We inductively show how to build the rest of the 
diagram, and then we use this construction for showing that T is jumping-safe. 

Formally, we inductively build a sequence po, pi, . . . , pi such that, for any k < i, 
Pk is a T-ordered k + 4-tuple of states representing the fc-th layer of the diagram, 

Pk = 4TslT ■■■ Tsl-^TslTquTql T q^ . 

Two successive layers are in relations with transitions as follows (cf. the diagram): 

V(l</l<fc)-s^-^S^+l, qk-'^4Xl^ qk^qk+l, 

where the dashed arrow x --^ y represents an i?-jumping transition via some suitable 
proxy. That is, a; - -> y iff there exists a proxy x s.t. x Rx and x y. 

For i — 0, just take Sq := qo. Then, the invariant is clearly satisfied, as go T q^ by 
assumption and qoT qo by T being reflexive. 

For i > 0, assume po, pi, . . . , pi has akeady been built. By induction hypothesis, 
pi is the following T-ordered tuple: 

=s°r4r •■• T s"-^ T slT q,T qf T q, , 

The next layer pi+i, 

= T si+i T • . • T sr+\ T T s'+X T q,+, T qf_,, T , 

is obtained as follows. The last three components qi^i, qf_^i, qi^i are fixed by the T- 

jumping path tt. The rest is determined next. Since qi qi+i, we propagate the tran- 
sition down the chain, by using the definition of T — as indicated by the zigzag arrows 
in the diagram. As qf T qi, there exists an _R-jumping transition qf q' T qi+i. 
Take q'. Similarly, from s\T q,T qf there exists s\ q" T s\X\. Take 

Si+i := q" ■ Clearly, one can build all the remaining states down to s^j^i in the same 
way, thus completing layer i + 1 in the diagram. This concludes the inductive step in 
the definition of pi+i- 



Remark. We assume that each time a new T-game starts from configuration {qf , qi). 
Duplicator fixes a winning strategy, and alway plays accordingly. 

We now prove that final states are "propagated" in the diagram right-to-left, top-to- 
bottom: Formally, we show that, for any i > Q/if qf e F, then there exists j > i s.t. 

s° G F, where 5° is the proxy witnessing s° s^+i- Assume qf e F. Then, since R 

is F-respecting, gf^ £ F, where qf^ is the proxy witnessing ---> s^^\. Since T qf , 
by the definition of r^'^ and by the above remark, there exists > i s.t. s*^ G F, where 

s*^ is the proxy witnessing sj^ Sj^+i- But s*|^^ T s*^, therefore there exists ji > jo 
s.t. s}-i e F, and so on . . . until we reach index ji > ji-i, for which s^. G F. Thus, 
take j := Ji. 

We are finally ready to prove that T is jumping-safe. Notice that the leftmost path 
in the diagram represents an initial i?-jumping path tt', 

TT — Sq it Sq )■ Si K Si > • • • , Sq = go fc ^ • 

Since i? is jumping-safe, there exists an infinite sequence of initial finite paths ttq , tti , . . . 
s.t. last(7ri) R s". Since R is transitive, i? C T by Lemma[T9l Therefore, last(7ri) T s^. 
By T Qi and transitivity, we obtain last(7ri) T qi. Therefore, the same sequence 
TTo, TTi, . . . can be taken as a witness for T being jumping-safe. Finally, since tt is fair, 
i.e., qf G F for infinitely many i's, then tt' is fair, as final states are "propagated" 
(shown above). Since R is jumping-safe, we conclude that ttq, tti, . . . is coherent. □ 
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Fig. 8. Construction for the proof of Theorem |6] 



By using similar techniques, it is possible to show that repeated application of Ti 
does not give coarser relations. This is analogous of what proved in Lemma|6]for tq. 
The proof of this fact is omitted. 



Lemma 20. For any p reorder R, TfirfiR)) C rf (i?). 

D Computing rf (K) 

In this section we give an algorithm for computing rf^iR) from Section ISTl obtained 
as an extension of the classical algorithm for computing delayed simulation |6|. We 
assume that the relation R has already been computed. We build a game graph where 
Duplicator has a Biichi winning objective. 

We enrich configurations from the basic semantic game for Tj'^(i?) with an obliga- 
tion bit recording whether Duplicator has to visit an accepting state. Formally, Spoiler's 
positions are of the form {s,q,b), with q,s ^ Q and b G {0,1}, and Duplicator's 
positions are of the form {s,q,b,a,q'), with q,s,q' G Q, a G S and b G {0,1}. 
Spoiler can pick a move {{s,q,b), {s,q,b,a,q')) G Fq if there exists q ^ Q s.t. 
qRq q', and b — 1 if q d F and b otherwise. Similarly, Duplicator can pick a 
move ((s, g, b, a, <?'), (s', q\ b')) G F[ if there exists s G Q s.t. sRs s\ and b' — 
if s G F and b otherwise. The objective for Duplicator is to ensure that the winning bit 
is infinitely often, that is, every obligation to visit an accepting state is eventually met. 
Formally, the winning condition is 

W^' = {(so,9o,6o)(si,9i,&i)-- - I Vi > 0-3j > - 0} . 
Let CPre be a controlled predecessor operator for Duplicator, defined as 

CPre{X) = {x I V(x, y) e F^ ■ 3{y, z) e F[ ■ z e X} . 

That is, X = (s, q, b) G CPre(X) if Duplicator can force the game in X in one step 
from configuration x. Then, the winning region for Duplicator can be computed by 
evaluating the following fixpoint: 

V = vX ■ fiY ■[b^O]n CPre(X) U CPre(r) , 

where with [b = 0] we have indicated the set of configurations with no obligation 
pending, i.e., [6 = 0] = {{q,s,b) \ q,s e Q,b = 0}. Finally, s rf (i?) q holds iff 
{s,q,0)eV. 

E Proof of Theorem [1] 

First, we define yet another refinement transformer, called fixed-word delayed trans- 
former T^i'^'^ , which is the same as rf^, with the only difference that Spoiler has to 
reveal the whole input word w — aoai • • • in advance. Notice that rj;""'''^, though not 
efficiently computable in general, has properties very similar to rf'. In particular, the 
proof of Theorem |6] works as it is for the lemma below. 

Lemma 21. If R is a jumping-safe F-respecting preorder, then, ■/-^^'^"{R) is jumping- 
safe. 

Theorem[lJ is good for quotienting. 

Proof. Directly from Lemma |2T1 since is (the transpose of) r}""'^'^ applied to the 
identity relation. 



